DDoS attacks target Sakai over winter break

Two Distributed Denial of Service (DDoS) attacks disrupted network services over Winter Break, according to statements by the University’s Office of Information Technology.

The attacks, which occurred on Dec. 24 and Jan. 4, were directed primarily at Sakai, one of Rutgers’ online learning platform. The recent incidents mark the seventh and eighth times DDoS attacks have impaired network services over the past three semesters.

“We had external parties who launched an attack against several services that reside on the Rutgers network,” said Michele Norin, senior vice president and chief information officer for the University’s Office of Information Technology.

“The purpose of these attacks is purely to disrupt services, to disrupt websites," Norin said. "They’re designed to flood the network so that you can’t get access to services.”

Although Sakai experienced the most severe attack, attempts against other University websites and servers were also made, Norin said.

The first attack began on the morning of Dec. 24. Network services did not return to normal operating status until four days later. The second attack, which took place on the morning of Jan. 4, was mitigated within two hours, according to Office of Information Technology alerts.

The source of the attacks is unknown, and it is unclear whether they are connected to the previous five DDoS attacks.

The latest network outages affected certain students, including those who needed to submit final assignments to Sakai. Since the attacks occurred over Winter Break, their effects were not felt as strongly as on prior occasions.

Glenn Bouthillette, a School of Environmental and Biological Sciences junior, recalls an alarming incident in which a DDoS attack shut down Internet services right before Spring 2015 exams.

“I had no WiFi connection to anything. Not my phone, not my laptop, not even on the school's computers,” Bouthillette said.

In response to last year’s attacks, the University hired three cyber-security firms and increased security spending to $3 million, according to nj.com.

“We have acquired services from several external partners to help us in our ability to respond much more quickly to the attacks,” Norin said.

Murali Gunti, a School of Engineering first-year student, is only one student who is frustrated that even after a raise in tuition this school year, the University is still being affected by DDoS attacks.

“As the years go on, these attacks are becoming more frequent, and this could greatly impact the educational experience at Rutgers," Gunti said. "It is frustrating that they increased tuition to deal with DDoS attacks, but there are more and more each year.”

Riccardo Mui, a School of Engineering junior, began a petition earlier this year that requested tuition refunds for students, according to The Daily Targum.

Entitled the “Rutgers CyberDefence Budget Return,” the petition came in response to the September 2015 DDoS attack that took place after the increased security investment. It received 1,062 supporters.

“The fact that we are able to respond much more quickly is evidence that the services have made a difference for us,” Norin said.

Previous attacks were claimed to be the work of an anonymous party, who called the IT Department “a joke” after the network outage in April 2015. No one has claimed responsibility for the latest attacks.

It is unknown why the attacks occurred over break when they would cause minimal inconvenience to students.

“That can be a pattern with DDoS attacks," Norin said. "Sometimes they’ll probe and come back later."

She said that there is no way of knowing whether that was the case in this situation.

“University executives should put cyber-security as one of their top priorities. It is the responsibility of a real leader to focus on the most important issues first,” Bouthillette said.